[prev in list] [next in list] [prev in thread] [next in thread]
List: shadow
Subject: [RFC] how to get some standing issues integrated
From: Mike Frysinger <vapier () gentoo ! org>
Date: 2006-07-18 19:16:00
Message-ID: 200607181516.01251.vapier () gentoo ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
so i have some patches that address:
- `./configure` on non-selinux always fails, need to use --without-selinux
- login_nopam.c needs more USE_NIS checks
- environ in su is set too earlier
- fix usergroup behavior (-n/-g) in useradd
how do i go about getting these merged ? i may have just missed the relevant
comments (in which case feel free to smack me), but i'm not entirely sure
what is objectionable about these :)
-mike
[Attachment #5 (application/pgp-signature)]
["shadow-4.0.14-su-fix-environment.patch" (text/x-diff)]
The patch from upstream (shadow-4.0.11.1-SUPATH.patch) sets environ too
early when using PAM, so move it to !USE_PAM.
--- shadow-4.0.14/src/su.c
+++ shadow-4.0.14/src/su.c
@@ -594,11 +594,6 @@
addenv ("PATH", cp);
}
-#ifndef USE_PAM
- /* setup the environment for PAM later on, else we run into auth problems */
- environ = newenvp; /* make new environment active */
-#endif
-
if (getenv ("IFS")) /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
@@ -666,6 +664,8 @@
exit (1);
}
#else /* !USE_PAM */
+ environ = newenvp; /* make new environment active */
+
if (!amroot) /* no limits if su from root */
setup_limits (&pwent);
["shadow-4.0.16-fix-useradd-usergroups.patch" (text/x-diff)]
--- src/useradd.c
+++ src/useradd.c
@@ -114,7 +114,7 @@ static int do_grp_update = 0; /* group f
static char *Prog;
static int
- bflg = 0, /* new default root of home directory */
+ bflg = 0, /* new default root of home directory */
cflg = 0, /* comment (GECOS) field for new account */
dflg = 0, /* home directory for new account */
Dflg = 0, /* set/show new user default values */
@@ -253,6 +253,12 @@ static void get_defaults (void)
const struct group *grp;
/*
+ * Pull relevant settings from login.defs first.
+ */
+ if (getdef_bool ("USERGROUPS_ENAB"))
+ nflg = -1;
+
+ /*
* Open the defaults file for reading.
*/
@@ -628,6 +634,8 @@ static void usage (void)
" -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
" -m, --create-home create home directory for the new user\n"
" account\n"
+ " -n, --user-group create a new group with the same name as the\n"
+ " new user\n"
" -o, --non-unique allow create user with duplicate\n"
" (non-unique) UID\n"
" -p, --password PASSWORD use encrypted password for the new user\n"
@@ -1009,6 +1017,7 @@ static void process_flags (int argc, cha
{"skel", required_argument, NULL, 'k'},
{"key", required_argument, NULL, 'K'},
{"create-home", no_argument, NULL, 'm'},
+ {"user-group", no_argument, NULL, 'n'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
{"shell", required_argument, NULL, 's'},
@@ -1016,7 +1025,7 @@ static void process_flags (int argc, cha
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnop:s:u:",
long_options, NULL)) != -1) {
switch (c) {
case 'b':
@@ -1156,6 +1165,9 @@ static void process_flags (int argc, cha
case 'm':
mflg++;
break;
+ case 'n':
+ nflg = 1;
+ break;
case 'o':
oflg++;
break;
@@ -1203,6 +1215,16 @@ static void process_flags (int argc, cha
usage ();
/*
+ * Using --gid and --user-group doesn't make sense.
+ */
+ if (nflg == -1 && gflg)
+ nflg = 0;
+ if (nflg && gflg) {
+ fprintf (stderr, _("%s: options -g and -n conflict\n"), Prog);
+ exit (E_BAD_ARG);
+ }
+
+ /*
* Either -D or username is required. Defaults can be set with -D
* for the -b, -e, -f, -g, -s options only.
*/
@@ -1725,7 +1747,7 @@ int main (int argc, char **argv)
* to that group, use useradd -g username username.
* --bero
*/
- if (!gflg) {
+ if (nflg) {
if (getgrnam (user_name)) {
fprintf (stderr,
_
@@ -1759,7 +1781,7 @@ int main (int argc, char **argv)
/* do we have to add a group for that user? This is why we need to
* open the group files in the open_files() function --gafton */
- if (!(nflg || gflg)) {
+ if (nflg) {
find_new_gid ();
grp_add ();
}
["shadow-4.0.13-nonis.patch" (text/x-diff)]
--- src/login_nopam.c
+++ src/login_nopam.c
@@ -50,7 +50,9 @@
#include <netinet/in.h>
#include <arpa/inet.h> /* for inet_ntoa() */
extern struct group *getgrnam ();
+#ifdef USE_NIS
extern int innetgr ();
+#endif
#if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64)
#undef MAXHOSTNAMELEN
@@ -178,6 +180,7 @@ static char *myhostname (void)
return (name);
}
+#ifdef USE_NIS
/* netgroup_match - match group against machine or user */
static int
netgroup_match (const char *group, const char *machine, const char *user)
@@ -193,6 +196,7 @@ netgroup_match (const char *group, const
return innetgr (group, machine, user, mydomain);
}
+#endif
/* user_match - match a username against one token */
static int user_match (const char *tok, const char *string)
@@ -214,8 +218,10 @@ static int user_match (const char *tok,
*at = 0;
return (user_match (tok, string)
&& from_match (at + 1, myhostname ()));
+#ifdef USE_NIS
} else if (tok[0] == '@') { /* netgroup */
return (netgroup_match (tok + 1, (char *) 0, string));
+#endif
} else if (string_match (tok, string)) { /* ALL or exact match */
return (YES);
} else if ((group = getgrnam (tok))) { /* try group membership */
@@ -271,9 +277,12 @@ static int from_match (const char *tok,
* contain a "." character. If the token is a network number, return YES
* if it matches the head of the string.
*/
+#ifdef USE_NIS
if (tok[0] == '@') { /* netgroup */
return (netgroup_match (tok + 1, string, (char *) 0));
- } else if (string_match (tok, string)) { /* ALL or exact match */
+ } else
+#endif
+ if (string_match (tok, string)) { /* ALL or exact match */
return (YES);
} else if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen (string)) > (tok_len = strlen (tok))
_______________________________________________
shadow mailing list
shadow@pld.org.pl
http://mail.pld.org.pl/mailman/listinfo/shadow
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic